* (no subject)
@ 2007-05-24 14:03 Kirkwood, David A.
  2007-05-24 14:22 ` watches on rotated files, was " Steve Grubb
  0 siblings, 1 reply; 2+ messages in thread
From: Kirkwood, David A. @ 2007-05-24 14:03 UTC
  To: linux-audit



How do I place a watch on files that are being rotated? For example: I
want to audit the audit logs themselves, and when they are rotated I
need to watch the new audit log that is created as well as the rotated
logs.

Thanks,

David A. Kirkwood



 



* Re: watches on rotated files, was (no subject)
  2007-05-24 14:03 (no subject) Kirkwood, David A.
@ 2007-05-24 14:22 ` Steve Grubb
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2007-05-24 14:22 UTC
  To: linux-audit; +Cc: Kirkwood, David A.

On Thursday 24 May 2007 10:03, Kirkwood, David A. wrote:
> How do I place a watch on files that are being rotated?

I suspect the files have to exist to place a watch on them. You can just touch 
them to create them empty. ausearch/aureport probably doesn't care. We are 
working on a directive to allow auditing a directory and its whole subtree 
for RHEL5 and 2.6.23. Al should be posting the code for review rsn.

-Steve
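
Added example, not part of either message and not code from the audit project: a shell sketch of the approach in the reply above, creating each rotated log name as an empty file if it is missing and then printing one watch rule per file. The function name `gen_rotated_watches`, the `BASE.N` naming of rotated files, the `rwa` permission set and the key name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-create rotated log names, then emit one audit watch per file.
# Assumptions (not from the thread): rotated files are named BASE.1, BASE.2, ...;
# COUNT is the total number of log files kept; paths contain no whitespace.

# gen_rotated_watches BASE COUNT KEY
#   Creates BASE and BASE.1 .. BASE.(COUNT-1) as empty files if they are absent,
#   then prints one "-w" rule per file in audit.rules syntax.
gen_rotated_watches() {
    base=$1 count=$2 key=$3
    case $count in
        ''|*[!0-9]*)
            echo "count must be a non-negative integer" >&2
            return 2 ;;
    esac
    i=0
    while [ "$i" -lt "$count" ]; do
        if [ "$i" -eq 0 ]; then f=$base; else f=$base.$i; fi
        # The watch target has to exist before a watch can be placed on it.
        # Only create missing files, so existing logs keep content and mtime.
        [ -e "$f" ] || ( umask 077; touch "$f" ) || return 1
        # r = read, w = write, a = attribute change; -k tags events for ausearch.
        printf -- '-w %s -p rwa -k %s\n' "$f" "$key"
        i=$((i + 1))
    done
}

# Stand-alone use: script BASE COUNT KEY
if [ "$#" -ge 3 ]; then
    gen_rotated_watches "$1" "$2" "$3"
fi
```

The printed lines can be appended to the audit rules file, or each one passed as arguments to `auditctl`; run it as a user allowed to create files in the log directory.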

